Re: Is it possible to define different source emai...

marlog · ‎11-16-2017

Looks like it is possible to set "Send email as" to a custom email address that would appear in the From field in scheduled alerts/reports. However, this would take effect across the board and we have different teams that would like to use their group emails for their alerts/reports. Is it possible to set different "Send email as" to different alerts/reports?

somesoni2 · ‎11-16-2017

I believe you can set the action.email.from = for each saved search/alert level. See if that's available for update from Splunk Web UI in advanced edit on Searches, reports and alerts.

elliotproebstel · ‎11-16-2017

Sure, if you use the sendemail command inline on the search. For example:

index=myindex | head 10 | sendemail to=recipient@test.com from=sender@test.com

elliotproebstel · ‎11-16-2017

BTW, you can read about the whole list of options available with the sendemail command here:
http://docs.splunk.com/Documentation/Splunk/7.0.0/SearchReference/Sendemail

marlog · ‎11-16-2017

Thank you very much for your suggestion. However, I am looking at "Schedule PDF Delivery" where the Dashboard can be sent as a PDF attachment to an email. And also regular scheduled Alerts.

elliotproebstel · ‎11-16-2017

Ahh, in that case, then I think @somesoni2 is on the right track for helping you in his comment above!

Is it possible to define different source email addresses for different scheduled reports/alerts?

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

Are you a member of the Splunk Community?

Is it possible to define different source email addresses for different scheduled reports/alerts?

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25